Recently Asked Questions

We had a patron come in this past week who said that he couldn't see well and also couldn't type or use a mouse, but he needed to certify Unemployment Insurance. He asked the staff member to login with his username and password and do this for him, and the staff member was, understandably, uncomfortable doing it.

I feel like patrons who divulge their personal data to us are doing it of their own accord and our privacy responsibility is to not share that information with others without the consent of the patron.

In this particular case, the patron was offering his information and consenting for us to enter it for him. As such, I don't think this violates any privacy agreement we have made as employees of the library.

The part that I worry about is, could this come back on an employee if they are doing a legal filing for a patron and the filing may be fraudulent? I am optimistic by nature and like to think people have good intentions, but the reality is, I know this happens. I wouldn't want to put an employee in a sticky legal position if they filed what might turn out to be a fraudulent claim for someone.

Do you know of similar situations in other libraries and what, if any, legal ramifications there might be for employees who could be caught in the middle of something like this?

Our library offers a variety of business services such as copying, scanning, emailing, and faxing, and we also have staff on hand to assist patrons with these services. We often have patrons request assistance with scanning and emailing or faxing sensitive documents including checks (with banking/routing numbers), driver’s licenses, Social Security cards, or other financial/legal documents.

I am wondering:

a) What responsibility do library staff have to inform a patron if we think they may be in the process of communicating with and sending documents to a scammer? How do we protect our patrons from scams/fraud while also respecting their privacy?

b) How liable is the library/library staff if a patron is scammed after library staff use library resources to send documents/information that played into the scam, even at the patron's request?

We are a municipal library and the building is owned by the county. The county will be installing security cameras outside the library in multiple locations for safety reasons. These cameras will not be regularly monitored unless there is a reason to consult them. We will not be viewing the footage per a patron’s request. They will be maintained by our county facilities staff and consulted only in cases where a criminal act was committed.

I have two questions related to this.

1. What type of permanent notification do we need to post about the use of cameras?

 2. What major points do we need to ensure we include in our privacy policy?

My questions involve background checks for potential new employees, fingerprinting, developing policies, procedures, and best practices.

Do background checks, fingerprinting, etc., need to be done for all positions? Does it need to be posted in the job advertisement that there will be a background check for the successful candidate or all finalist applicants? Can the background check need to include a financial check and a legal check?

And tangentially, am I correct in my assumption library staff are not considered mandated reporters? Are there guidelines for this as well.

My institution has a small number of documents in our archives related to previous graduate students. Some are definitely educational records (transcripts, field placement evaluations). Then there are a) letters of recommendation received by the school or written by school faculty/administrators and sent to other schools, b) some correspondence between a student and the school/administration, and other items like c) copies of images or articles from student publications.

The documents span decades.   Most --- but not all--- of these former students are confirmed deceased. Most items in this small group of documents relate to alumni who were/are notable, but in widely varying degrees.

A few of these documents concern a famous alum, who passed away.  An outside researcher is asking about the documents related to that alum, and unfortunately, there are no surviving institutional access policies related to student records or unpublished correspondence in our archives. We want to respect copyright, FERPA, and the alum's estate.

For the educational records, I can't find clear guidance on how long FERPA access restrictions last, but other academic collections seem to allow access 50-75 years after the former student's death.

So, a few questions:

1) When should on-site access to historical educational records be allowed (if ever), with reference to FERPA? What about providing copies of historical educational records?
 

2) When should on-site access to unpublished, non-educational records related to former students be allowed, in reference to state and federal copyright and privacy laws, and possibly FERPA? What about providing copies of these documents?
 

3) Should we take a more risk-averse approach to high-profile alumni materials, or should our policies apply equally to all alums?